* [9fans] panic: D2B called on non-block 8067a168 (double-free?)
@ 2003-04-30 22:19 Axel Belinfante
2003-04-30 22:27 ` rsc
0 siblings, 1 reply; 2+ messages in thread
From: Axel Belinfante @ 2003-04-30 22:19 UTC (permalink / raw)
To: 9fans
I got the following panic in a kernel I compiled at Feb 18 2003:
panic: D2B called on non-block 8067a168 (double-free?)
It happened when I was using classical and (I think)
due to some clicking classicjuke probably puked and
committed suicide (at least, before the panic it had
done so several times -- each time I just restarted it).
Below follows the result of runnning the src commands
generated from the trace by ktrace through acid.
When I tried with 'ktrace -i' it asked for (one) more
memory location than was present in the trace.
Axel.
cpu% acid 9pcdisk
9pcdisk:386 plan 9 boot image
/sys/lib/acid/port
/sys/lib/acid/386
acid: src(0x8010675f); // dumpstack+0x10
/sys/src/9/pc/trap.c:509
504 /* restore pc to instruction that caused the trap */
505 ureg->pc--;
506 sprint(buf, "sys: breakpoint");
507 postnote(up, 1, buf, NDebug);
508 }
>509
510 static void
511 fault386(Ureg* ureg, void*)
512 {
513 ulong addr;
514 int read, user, n, insyscall;
acid: src(0x80139f07); // panic+0xeb
/sys/src/9/port/devcons.c:224
219 spllo();
220 prflush();
221 putstrn(buf, n+1);
222 dumpstack();
223
>224 exit(1);
225 }
226
227 void
228 _assert(char *fmt)
229 {
acid: src(0x8019e609); // ppanic+0xb4
/sys/src/9/port/alloc.c:88
83 va_start(v, fmt);
84 vseprint(pv->msg+strlen(pv->msg), pv->msg+sizeof pv->msg, fmt, v);
85 va_end(v);
86 memmove(msg, pv->msg, sizeof msg);
87 iunlock(&pv->lk);
>88 panic("%s", msg);
89 }
90
91 static void
92 plock(Pool *p)
93 {
acid: src(0x801c50b5); // D2B+0x32
/sys/src/libc/port/pool.c:943
938 D2B(Pool *p, void *v)
939 {
940 Alloc *a;
941 a = _D2B(v);
942 if(a->magic != KEMPT_MAGIC)
>943 p->panic(p, "D2B called on non-block %p (double-free?)", v);
944 return a;
945 }
946
947 /* poolallocl: attempt to allocate block to hold dsize user bytes; assumes lock held */
948 static void*
acid: src(0x801c54de); // poolfreel+0x20
/sys/src/libc/port/pool.c:1064
1059 Bhdr *back, *fwd;
1060
1061 if(v == nil) /* for ANSI */
1062 return;
1063
>1064 ab = D2B(p, v);
1065 blockcheck(p, ab);
1066
1067 if(p->flags&POOL_NOREUSE){
1068 int n;
1069
acid: src(0x801c58d3); // poolfree+0x41
/sys/src/libc/port/pool.c:1174
1169 poolcheckl(p);
1170 }
1171 verbosity {
1172 pooldumpl(p);
1173 }
>1174 poolfreel(p, v);
1175 paranoia {
1176 poolcheckl(p);
1177 }
1178 verbosity {
1179 pooldumpl(p);
acid: src(0x8019e8fb); // free+0x23
/sys/src/9/port/alloc.c:223
218
219 void
220 free(void *v)
221 {
222 if(v != nil)
>223 poolfree(mainmem, (ulong*)v-Npadlong);
224 }
225
226 void*
227 realloc(void *v, ulong size)
228 {
acid: src(0x801a63ff); // mountfree+0x37
/sys/src/9/port/pgrp.c:248
243 while(m) {
244 f = m->next;
245 cclose(m->to);
246 m->mountid = 0;
247 free(m->spec);
>248 free(m);
249 m = f;
250 }
251 }
252
253 void
acid: src(0x801a5f93); // closepgrp+0x95
/sys/src/9/port/pgrp.c:87
82 e = &p->mnthash[MNTHASH];
83 for(h = p->mnthash; h < e; h++) {
84 for(f = *h; f; f = next) {
85 wlock(&f->lock);
86 cclose(f->from);
>87 mountfree(f->mount);
88 f->mount = nil;
89 next = f->hash;
90 wunlock(&f->lock);
91 putmhead(f);
92 }
acid: src(0x801a8156); // pexit+0x136
/sys/src/9/port/proc.c:806
801 p->rendval = ~0;
802 l = &REND(p->rgrp, p->rendtag);
803 for(d = *l; d; d = d->rendhash) {
804 if(d == p) {
805 *l = p->rendhash;
>806 break;
807 }
808 l = &d->rendhash;
809 }
810 ready(p);
811 }
acid: src(0x801b1e0a); // sysexits+0x7f
/sys/src/9/port/sysproc.c:582
577 poperror();
578
579 }
580 pexit(status, 1);
581 return 0; /* not reached */
>582 }
583
584 long
585 sys_wait(ulong *arg)
586 {
587 int pid;
acid: src(0x80106ade); // syscall+0x16c
/sys/src/9/pc/trap.c:604
599 if(up->nerrlab){
600 print("bad errstack [%uld]: %d extra\n", scallnr, up->nerrlab);
601 for(i = 0; i < NERR; i++)
602 print("sp=%lux pc=%lux\n",
603 up->errlab[i].sp, up->errlab[i].pc);
>604 panic("error stack");
605 }
606
607 up->insyscall = 0;
608 up->psstate = 0;
609
acid: src(0x80100982); // _syscallintr+0x18
/sys/src/9/pc/plan9l.s:45
40 MOVW AX, DS
41 MOVW AX, ES
42 PUSHL SP
43 CALL syscall(SB)
44
>45 POPL AX
46 POPAL
47 POPL GS
48 POPL FS
49 POPL ES
50 POPL DS
acid:
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [9fans] panic: D2B called on non-block 8067a168 (double-free?)
2003-04-30 22:19 [9fans] panic: D2B called on non-block 8067a168 (double-free?) Axel Belinfante
@ 2003-04-30 22:27 ` rsc
0 siblings, 0 replies; 2+ messages in thread
From: rsc @ 2003-04-30 22:27 UTC (permalink / raw)
To: 9fans
That's discouraging. Let us know if it happens again.
It looks like there's a ref count bug on some hardly
ever used path.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2003-04-30 22:27 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-04-30 22:19 [9fans] panic: D2B called on non-block 8067a168 (double-free?) Axel Belinfante
2003-04-30 22:27 ` rsc
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).